mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity

libseccomp: update to latest

Browse Source 
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Jonathan Liu
2016-08-07 11:29:20 +10:00
committed by Armin Kuster
parent 6f09eccae7
commit cd59718eb0
17 changed files with 3 additions and 3272 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1253
recipes-security/libseccomp/files/0001-arch-add-a-ppc64-syscall-table.patch
View File

File diff suppressed because it is too large Load Diff

203
recipes-security/libseccomp/files/0001-tests-create-install-tests-target.patch
View File

@@ -1,203 +0,0 @@
From e8e166cdc1fc31e02d568424e17b9f9fc1e95256 Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Mon, 28 Oct 2013 15:40:14 -0400
Subject: [PATCH 1/3] tests: create install-tests target
It can be useful, in particular on a cross-build setup, to install the
tests and regression suite in addition to the library itself. Since most
people probably don't want that by default, though, create an
install-tests target that will place tests and regression script in
$(INSTALL_LIB_DIR)/libseccomp/tests and install the necessary tools in
$(INSTALL_BIN_DIR)/bin.
Upstream-Status: Submitted [http://www.mail-archive.com/libseccomp-discuss@lists.sourceforge.net/msg00470.html]
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
Makefile | 9 +++++++++
README | 8 ++++++++
install.mk | 1 +
macros.mk | 18 ++++++++++++++++++
tests/Makefile | 7 ++++++-
tests/regression | 19 ++++++++++++++++---
tools/Makefile | 3 +++
7 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 1f61f20..8cb0a16 100644
--- a/Makefile
+++ b/Makefile
@@ -40,6 +40,7 @@ include install.mk
CONFIGS = configure.mk configure.h version_info.mk libseccomp.pc
SUBDIRS_BUILD = include src tests tools
SUBDIRS_INSTALL = include src tools doc
+SUBDIRS_INSTALL_TEST = tools tests
.PHONY: tarball install check check-syntax ctags cstags clean dist-clean \
$(SUBDIRS_BUILD)
@@ -106,6 +107,14 @@ check: tools tests
check-syntax:
@./tools/check-syntax
+install-tests: $(SUBDIRS_INSTALL_TEST)
+ @$(ECHO_INFO) "installing tests in $(INSTALL_PREFIX) ..."
+ $(ECHO_INFO) "installing from $$dir/"
+ @for dir in $(SUBDIRS_INSTALL_TEST); do \
+ $(ECHO_INFO) "installing from $$dir/"; \
+ $(MAKE) -C $$dir install-tests; \
+ done
+
ctags:
@$(ECHO_INFO) "generating ctags for the project ..."
@ctags -R *
diff --git a/README b/README
index 37b9709..14ae254 100644
--- a/README
+++ b/README
@@ -41,6 +41,14 @@ to run all of the tests you can simply run the script:
However, the script takes a number of options to customize its execution; the
options can be displayed by running "./regression -h".
+It is also possible to install the tests and regression script to the system by
+issuing:
+
+ # make install-tests
+
+When complete, installed tests and regression script may be found in
+$LIBDIR/lib/libseccomp/test
+
* Other Useful Tools
The "tools/" directory includes a number of tools which may be helpful in the
diff --git a/install.mk b/install.mk
index 123af33..f6aa311 100644
--- a/install.mk
+++ b/install.mk
@@ -24,6 +24,7 @@ INSTALL_PREFIX ?= $(CONF_INSTALL_PREFIX)
INSTALL_SBIN_DIR ?= $(DESTDIR)/$(INSTALL_PREFIX)/sbin
INSTALL_BIN_DIR ?= $(DESTDIR)/$(INSTALL_PREFIX)/bin
INSTALL_LIB_DIR ?= $(DESTDIR)/$(CONF_INSTALL_LIBDIR)
+INSTALL_TEST_DIR ?= $(DESTDIR)/$(CONF_INSTALL_LIBDIR)/libseccomp/tests
INSTALL_INC_DIR ?= $(DESTDIR)/$(INSTALL_PREFIX)/include
INSTALL_MAN_DIR ?= $(DESTDIR)/$(INSTALL_PREFIX)/share/man
diff --git a/macros.mk b/macros.mk
index 6df5b3a..e7c196d 100644
--- a/macros.mk
+++ b/macros.mk
@@ -206,6 +206,24 @@ INSTALL_INC_MACRO += \
$^ "$(INSTALL_INC_DIR)";
ifeq ($(V),0)
+ INSTALL_TEST_MACRO = @echo " INSTALL $^ ($(INSTALL_TEST_DIR))";
+endif
+INSTALL_TEST_MACRO += \
+ $(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) \
+ -d "$(INSTALL_TEST_DIR)"; \
+ $(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) -m 0755 \
+ $^ "$(INSTALL_TEST_DIR)";
+
+ifeq ($(V),0)
+ INSTALL_REGRESSION_TEST_MACRO = @echo " INSTALL regression ($(INSTALL_TEST_DIR))";
+endif
+INSTALL_REGRESSION_TEST_MACRO += \
+ $(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) \
+ -d "$(INSTALL_TEST_DIR)"; \
+ $(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) -m 0755 \
+ regression "$(INSTALL_TEST_DIR)";
+
+ifeq ($(V),0)
INSTALL_MAN1_MACRO = \
@echo " INSTALL manpages ($(INSTALL_MAN_DIR)/man1)";
endif
diff --git a/tests/Makefile b/tests/Makefile
index 5fdbca7..135551c 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -31,6 +31,7 @@ include ../macros.mk
include $(TOPDIR)/version_info.mk
include $(TOPDIR)/configure.mk
+include $(TOPDIR)/install.mk
OBJS = util.o
@@ -71,7 +72,7 @@ DEPS_TESTS = $(TESTS:%=%.d)
# targets
#
-.PHONY: check clean
+.PHONY: check clean install-tests
all: $(TESTS) $(OBJS)
@@ -91,5 +92,9 @@ $(TEST_PRIVATE): 00-test.c $(OBJS) ../src/libseccomp.a
check: $(TESTS)
./regression
+install-tests: $(TESTS) $(TESTS:%=%.tests)
+ $(INSTALL_TEST_MACRO)
+ $(INSTALL_REGRESSION_TEST_MACRO)
+
clean:
$(RM) $(DEPS_TESTS) $(DEPS_OBJS) $(TESTS) $(TEST_PRIVATE) $(OBJS) *.pyc
diff --git a/tests/regression b/tests/regression
index 790d5e1..3c293a4 100755
--- a/tests/regression
+++ b/tests/regression
@@ -23,9 +23,18 @@
GLBL_ARCH_SUPPORT="x86 x86_64 x32 arm"
-GLBL_SYS_ARCH="../tools/scmp_arch_detect"
-GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
-GLBL_SYS_SIM="../tools/scmp_bpf_sim"
+GLBL_SYS_PATH=$(dirname $(readlink -m $0))
+if [ -d $GLBL_SYS_PATH/../tools/ ]; then
+ # prepend ../tools to $PATH so we can use verify_deps to check for
+ # scmp_* support binaries if regression is running out of the build
+ # tree.
+ PATH=$GLBL_SYS_PATH/../tools/:$PATH
+ export PATH
+fi
+
+GLBL_SYS_ARCH=$(which scmp_arch_detect)
+GLBL_SYS_RESOLVER=$(which scmp_sys_resolver)
+GLBL_SYS_SIM=$(which scmp_bpf_sim)
####
# functions
@@ -761,6 +770,9 @@ verify_deps head
verify_deps sed
verify_deps seq
verify_deps tr
+verify_deps scmp_arch_detect
+verify_deps scmp_sys_resolver
+verify_deps scmp_bpf_sim
# global variables
declare -a batch_list
@@ -865,6 +877,7 @@ arch=$($GLBL_SYS_ARCH)
# display the test output and run the requested tests
echo "=============== $(date) ===============" >&$logfd
echo "Regression Test Report (\"regression $*\")" >&$logfd
+cd $(dirname $0)
for mode in $mode_list; do
run_tests
done
diff --git a/tools/Makefile b/tools/Makefile
index 79c7d25..9f4ffea 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -62,5 +62,8 @@ $(TOOLS):
install: $(TOOLS_INSTALL)
$(INSTALL_BIN_MACRO)
+install-tests: $(TOOLS)
+ $(INSTALL_BIN_MACRO)
+
clean:
$(RM) $(DEPS) $(TOOLS)
--
1.7.10.4

128
recipes-security/libseccomp/files/0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch
View File

@@ -1,128 +0,0 @@
From 70c69945bf0da09baec2e109ba19b883de4d0e80 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Fri, 26 Sep 2014 12:06:18 -0400
Subject: [PATCH 02/11] arch: add the basic initial support for ppc64 to the
arch-dependent code
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
src/arch.c | 21 +++++++++++++++++++++
src/python/libseccomp.pxd | 2 ++
src/python/seccomp.pyx | 7 +++++++
3 files changed, 30 insertions(+)
diff --git a/src/arch.c b/src/arch.c
index e29b579..64fc1d1 100644
--- a/src/arch.c
+++ b/src/arch.c
@@ -38,6 +38,7 @@
#include "arch-mips.h"
#include "arch-mips64.h"
#include "arch-mips64n32.h"
+#include "arch-ppc64.h"
#include "system.h"
#define default_arg_count_max 6
@@ -74,6 +75,12 @@ const struct arch_def *arch_def_native = &arch_def_mips64n32;
#elif __MIPSEL__
const struct arch_def *arch_def_native = &arch_def_mipsel64n32;
#endif /* _MIPS_SIM_NABI32 */
+#elif __PPC64__
+#ifdef __BIG_ENDIAN__
+const struct arch_def *arch_def_native = &arch_def_ppc64;
+#else
+const struct arch_def *arch_def_native = &arch_def_ppc64le;
+#endif
#else
#error the arch code needs to know about your machine type
#endif /* machine type guess */
@@ -122,6 +129,10 @@ const struct arch_def *arch_def_lookup(uint32_t token)
return &arch_def_mips64n32;
case SCMP_ARCH_MIPSEL64N32:
return &arch_def_mipsel64n32;
+ case SCMP_ARCH_PPC64:
+ return &arch_def_ppc64;
+ case SCMP_ARCH_PPC64LE:
+ return &arch_def_ppc64le;
}
return NULL;
@@ -158,6 +169,10 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
return &arch_def_mips64n32;
else if (strcmp(arch_name, "mipsel64n32") == 0)
return &arch_def_mipsel64n32;
+ else if (strcmp(arch_name, "ppc64") == 0)
+ return &arch_def_ppc64;
+ else if (strcmp(arch_name, "ppc64le") == 0)
+ return &arch_def_ppc64le;
return NULL;
}
@@ -276,6 +291,9 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name)
case SCMP_ARCH_MIPS64N32:
case SCMP_ARCH_MIPSEL64N32:
return mips64n32_syscall_resolve_name(name);
+ case SCMP_ARCH_PPC64:
+ case SCMP_ARCH_PPC64LE:
+ return ppc64_syscall_resolve_name(name);
}
return __NR_SCMP_ERROR;
@@ -313,6 +331,9 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num)
case SCMP_ARCH_MIPS64N32:
case SCMP_ARCH_MIPSEL64N32:
return mips64n32_syscall_resolve_num(num);
+ case SCMP_ARCH_PPC64:
+ case SCMP_ARCH_PPC64LE:
+ return ppc64_syscall_resolve_num(num);
}
return NULL;
diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
index 2b50f3f..a546550 100644
--- a/src/python/libseccomp.pxd
+++ b/src/python/libseccomp.pxd
@@ -38,6 +38,8 @@ cdef extern from "seccomp.h":
SCMP_ARCH_MIPSEL
SCMP_ARCH_MIPSEL64
SCMP_ARCH_MIPSEL64N32
+ SCMP_ARCH_PPC64
+ SCMP_ARCH_PPC64LE
cdef enum scmp_filter_attr:
SCMP_FLTATR_ACT_DEFAULT
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
index d2f7c90..f30a0b6 100644
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -147,6 +147,7 @@ cdef class Arch:
MIPSEL - MIPS little endian O32 ABI
MIPSEL64 - MIPS little endian 64-bit ABI
MIPSEL64N32 - MIPS little endian N32 ABI
+ PPC64 - 64-bit PowerPC
"""
cdef int _token
@@ -163,6 +164,8 @@ cdef class Arch:
MIPSEL = libseccomp.SCMP_ARCH_MIPSEL
MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
+ PPC64 = libseccomp.SCMP_ARCH_PPC64
+ PPC64 = libseccomp.SCMP_ARCH_PPC64LE
def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
""" Initialize the architecture object.
@@ -198,6 +201,10 @@ cdef class Arch:
self._token = libseccomp.SCMP_ARCH_MIPSEL64
elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32:
self._token = libseccomp.SCMP_ARCH_MIPSEL64N32
+ elif arch == libseccomp.SCMP_ARCH_PPC64:
+ self._token = libseccomp.SCMP_ARCH_PPC64
+ elif arch == libseccomp.SCMP_ARCH_PPC64LE:
+ self._token = libseccomp.SCMP_ARCH_PPC64LE
else:
self._token = 0;
elif isinstance(arch, basestring):
--
2.3.5

61
recipes-security/libseccomp/files/0002-tests-install-python-tests-if-appropriate.patch
View File

@@ -1,61 +0,0 @@
From 49dd92b85ca1797f2d289f48d3c1cdaec678334b Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Mon, 28 Oct 2013 15:40:15 -0400
Subject: [PATCH 2/3] tests: install python tests if appropriate
Install the python tests in addition to the C tests if python bindings are
being built. The regression script can, and needs to, have the
modification of the PYTHONPATH removed since it's unlikely in this
scenario that the original source tree will be around at all anymore.
This shouldn't be a problem since the library should be installed to the
default PYTHONPATH anyway.
Upstream-Status: Submitted [http://www.mail-archive.com/libseccomp-discuss@lists.sourceforge.net/msg00470.html]
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
macros.mk | 3 ++-
tests/Makefile | 6 +++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/macros.mk b/macros.mk
index e7c196d..13e7ed3 100644
--- a/macros.mk
+++ b/macros.mk
@@ -221,7 +221,8 @@ INSTALL_REGRESSION_TEST_MACRO += \
$(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) \
-d "$(INSTALL_TEST_DIR)"; \
$(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) -m 0755 \
- regression "$(INSTALL_TEST_DIR)";
+ regression "$(INSTALL_TEST_DIR)"; \
+ $(SED) -i "/\/..\/src\/python\/build\/lib\./d" "$(INSTALL_TEST_DIR)/regression";
ifeq ($(V),0)
INSTALL_MAN1_MACRO = \
diff --git a/tests/Makefile b/tests/Makefile
index 135551c..309a570 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -78,6 +78,10 @@ all: $(TESTS) $(OBJS)
-include $(DEPS_TESTS) $(DEPS_OBJS)
+ifeq ($(CONF_BINDINGS_PYTHON), 1)
+ PY_TESTS = $(TESTS:%=%.py)
+endif
+
$(DEPS_TESTS):
$(MAKEDEP_EXEC)
$(ADDDEP) $@ ../src/libseccomp.a
@@ -92,7 +96,7 @@ $(TEST_PRIVATE): 00-test.c $(OBJS) ../src/libseccomp.a
check: $(TESTS)
./regression
-install-tests: $(TESTS) $(TESTS:%=%.tests)
+install-tests: $(TESTS) $(TESTS:%=%.tests) $(PY_TESTS)
$(INSTALL_TEST_MACRO)
$(INSTALL_REGRESSION_TEST_MACRO)
--
1.7.10.4

124
recipes-security/libseccomp/files/0003-tests-introduce-alternate-test-report-format.patch
View File

@@ -1,124 +0,0 @@
From 389604a4d7b445e429998599827195751238400a Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Mon, 28 Oct 2013 15:40:16 -0400
Subject: [PATCH 3/3] tests: introduce alternate test report format
Adding an alternate test report format to the regression script. The
output format is modelled on the automake style described here:
http://www.gnu.org/software/automake/manual/automake.html#Simple-Tests
and is intended to support integrating the existing test scripts with the
Yocto Project's ptest infrastructure:
https://wiki.yoctoproject.org/wiki/Ptest#What_constitutes_a_ptest.3F
Currently there was only one use of the existing "INFO" tag in test
reporting, used in a way that better fit the "SKIP" model, so update that
as well and adjust print_result to handle SKIP and INFO interchangeably so
as to minimize the impact of this change on anyone not choosing to use the
new report format.
Upstream-Status: Submitted [http://www.mail-archive.com/libseccomp-discuss@lists.sourceforge.net/msg00470.html]
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
tests/regression | 35 +++++++++++++++++++++++++++--------
1 file changed, 27 insertions(+), 8 deletions(-)
diff --git a/tests/regression b/tests/regression
index 3c293a4..a9315f7 100755
--- a/tests/regression
+++ b/tests/regression
@@ -71,7 +71,7 @@ function verify_deps() {
function usage() {
cat << EOF
usage: regression [-h] [-v] [-m MODE] [-a] [-b BATCH_NAME] [-l <LOG>]
- [-s SINGLE_TEST] [-t <TEMP_DIR>] [-T <TEST_TYPE>]
+ [-p] [-s SINGLE_TEST] [-t <TEMP_DIR>] [-T <TEST_TYPE>]
libseccomp regression test automation script
optional arguments:
@@ -80,6 +80,7 @@ optional arguments:
-a specifies all tests are to be run
-b BATCH_NAME specifies batch of tests to be run
-l [LOG] specifies log file to write test results to
+ -p use automake-style results output (ptest format)
-s SINGLE_TEST specifies individual test number to be run
-t [TEMP_DIR] specifies directory to create temporary files in
-T [TEST_TYPE] only run tests matching the specified type
@@ -127,17 +128,31 @@ function print_data() {
#
# Arguments:
# 1 string containing generated test number
-# 2 string containing the test result (INFO, SUCCESS, ERROR, or FAILURE)
+# 2 string containing the test result (SKIP, INFO, SUCCESS, ERROR, or FAILURE)
# 3 string containing addition details
#
function print_result() {
- if [[ $2 == "INFO" && -z $verbose ]]; then
+ if [[ $2 == "INFO" || $2 == "SKIP" ]] && [[ -z $verbose ]]; then
return
fi
- if [[ $3 == "" ]]; then
- printf "Test %s result: %s\n" "$1" "$2" >&$logfd
+ if [[ -n $ptest_report ]]; then
+ case $2 in
+ SUCCESS )
+ printf "PASS: %s %s\n" "$1" "$3" >&$logfd
+ ;;
+ ERROR | FAILURE )
+ printf "FAIL: %s %s\n" "$1" "$3" >&$logfd
+ ;;
+ SKIP )
+ printf "SKIP: %s %s\n" "$1" "$3" >&$logfd
+ ;;
+ esac
else
- printf "Test %s result: %s %s\n" "$1" "$2" "$3" >&$logfd
+ if [[ $3 == "" ]]; then
+ printf "Test %s result: %s\n" "$1" "$2" >&$logfd
+ else
+ printf "Test %s result: %s %s\n" "$1" "$2" "$3" >&$logfd
+ fi
fi
}
@@ -358,7 +373,7 @@ function run_test_bpf_sim() {
fi
elif [[ "$testarch" != "all" ]] && [[ "$testarch" != "$arch" ]]; then
# only run tests that match the current architecture
- print_result $(generate_test_num "$1" $2 1) "INFO" \
+ print_result $(generate_test_num "$1" $2 1) "SKIP" \
"Test skipped due to test/system architecture difference"
stats_skipped=$(($stats_skipped+1))
return
@@ -788,13 +803,14 @@ tmpfile=""
tmpdir=""
type=
verbose=
+ptest_report=
stats_all=0
stats_skipped=0
stats_success=0
stats_failure=0
stats_error=0
-while getopts "ab:gl:m:s:t:T:vh" opt; do
+while getopts "ab:gl:m:ps:t:T:vh" opt; do
case $opt in
a)
runall=1
@@ -820,6 +836,9 @@ while getopts "ab:gl:m:s:t:T:vh" opt; do
exit 1
esac
;;
+ p)
+ ptest_report=1
+ ;;
s)
single_list[single_count]=$OPTARG
single_count=$(($single_count+1))
--
1.7.10.4

80
recipes-security/libseccomp/files/0003-tools-add-ppc64-support.patch
View File

@@ -1,80 +0,0 @@
From 21e74cf80be3d55fdfa5600bc99f284b19f75b01 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Fri, 26 Sep 2014 12:50:40 -0400
Subject: [PATCH 03/11] tools: add ppc64 support
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
tools/scmp_arch_detect.c | 6 ++++++
tools/scmp_bpf_disasm.c | 4 ++++
tools/scmp_bpf_sim.c | 4 ++++
tools/util.c | 6 ++++++
4 files changed, 20 insertions(+)
diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
index 5a87252..d23d2ec 100644
--- a/tools/scmp_arch_detect.c
+++ b/tools/scmp_arch_detect.c
@@ -99,6 +99,12 @@ int main(int argc, char *argv[])
case SCMP_ARCH_MIPSEL64N32:
printf("mipsel64n32\n");
break;
+ case SCMP_ARCH_PPC64:
+ printf("ppc64\n");
+ break;
+ case SCMP_ARCH_PPC64LE:
+ printf("ppc64le\n");
+ break;
default:
printf("unknown\n");
}
diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
index 349b8a8..9199e17 100644
--- a/tools/scmp_bpf_disasm.c
+++ b/tools/scmp_bpf_disasm.c
@@ -334,6 +334,10 @@ int main(int argc, char *argv[])
arch = AUDIT_ARCH_MIPS64N32;
else if (strcmp(optarg, "mipsel64n32") == 0)
arch = AUDIT_ARCH_MIPSEL64N32;
+ else if (strcmp(optarg, "ppc64") == 0)
+ arch = AUDIT_ARCH_PPC64;
+ else if (strcmp(optarg, "ppc64le") == 0)
+ arch = AUDIT_ARCH_PPC64LE;
else
exit_usage(argv[0]);
break;
diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
index bb3a2e7..d3e439f 100644
--- a/tools/scmp_bpf_sim.c
+++ b/tools/scmp_bpf_sim.c
@@ -249,6 +249,10 @@ int main(int argc, char *argv[])
arch = AUDIT_ARCH_MIPS64N32;
else if (strcmp(optarg, "mipsel64n32") == 0)
arch = AUDIT_ARCH_MIPSEL64N32;
+ else if (strcmp(optarg, "ppc64") == 0)
+ arch = AUDIT_ARCH_PPC64;
+ else if (strcmp(optarg, "ppc64le") == 0)
+ arch = AUDIT_ARCH_PPC64LE;
else
exit_fault(EINVAL);
break;
diff --git a/tools/util.c b/tools/util.c
index 9b58bbb..f998009 100644
--- a/tools/util.c
+++ b/tools/util.c
@@ -62,6 +62,12 @@
#elif __MIPSEL__
#define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32
#endif /* _MIPS_SIM_NABI32 */
+#elif __PPC64__
+#ifdef __BIG_ENDIAN__
+#define ARCH_NATIVE AUDIT_ARCH_PPC64
+#else
+#define ARCH_NATIVE AUDIT_ARCH_PPC64LE
+#endif
#else
#error the simulator code needs to know about your machine type
#endif
--
2.3.5

118
recipes-security/libseccomp/files/0004-tests-add-ppc64-support-to-the-regression-tests.patch
View File

@@ -1,118 +0,0 @@
From e7deb140a59c1ca3c4eed5967ba288464f077944 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Fri, 26 Sep 2014 13:14:12 -0400
Subject: [PATCH 04/11] tests: add ppc64 support to the regression tests
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
tests/16-sim-arch_basic.c | 3 +++
tests/16-sim-arch_basic.py | 1 +
tests/23-sim-arch_all_le_basic.c | 3 +++
tests/23-sim-arch_all_le_basic.py | 1 +
tests/26-sim-arch_all_be_basic.c | 3 +++
tests/26-sim-arch_all_be_basic.py | 1 +
tests/regression | 10 ++++++++--
7 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c
index 9771913..09df44b 100644
--- a/tests/16-sim-arch_basic.c
+++ b/tests/16-sim-arch_basic.c
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32);
if (rc != 0)
goto out;
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
+ if (rc != 0)
+ goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py
index 57a5ac3..d9e1939 100755
--- a/tests/16-sim-arch_basic.py
+++ b/tests/16-sim-arch_basic.py
@@ -39,6 +39,7 @@ def test(args):
f.add_arch(Arch("mipsel"))
f.add_arch(Arch("mipsel64"))
f.add_arch(Arch("mipsel64n32"))
+ f.add_arch(Arch("ppc64le"))
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c
index eeb8556..9f67ed6 100644
--- a/tests/23-sim-arch_all_le_basic.c
+++ b/tests/23-sim-arch_all_le_basic.c
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32"));
if (rc != 0)
goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
+ if (rc != 0)
+ goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py
index 36ab139..212ff50 100755
--- a/tests/23-sim-arch_all_le_basic.py
+++ b/tests/23-sim-arch_all_le_basic.py
@@ -39,6 +39,7 @@ def test(args):
f.add_arch(Arch("mipsel"))
f.add_arch(Arch("mipsel64"))
f.add_arch(Arch("mipsel64n32"))
+ f.add_arch(Arch("ppc64le"))
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
index a951b3c..1a44525 100644
--- a/tests/26-sim-arch_all_be_basic.c
+++ b/tests/26-sim-arch_all_be_basic.c
@@ -52,6 +52,9 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
if (rc != 0)
goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
+ if (rc != 0)
+ goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
index 1347406..cba2dea 100755
--- a/tests/26-sim-arch_all_be_basic.py
+++ b/tests/26-sim-arch_all_be_basic.py
@@ -33,6 +33,7 @@ def test(args):
f.add_arch(Arch("mips"))
f.add_arch(Arch("mips64"))
f.add_arch(Arch("mips64n32"))
+ f.add_arch(Arch("ppc64"))
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
diff --git a/tests/regression b/tests/regression
index 428bdf2..3ab6171 100755
--- a/tests/regression
+++ b/tests/regression
@@ -21,8 +21,14 @@
# along with this library; if not, see <http://www.gnu.org/licenses>.
#
-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32"
-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32"
+GLBL_ARCH_LE_SUPPORT=" \
+ x86 x86_64 x32 \
+ arm aarch64 \
+ mipsel mipsel64 mipsel64n32 \
+ ppc64le"
+GLBL_ARCH_BE_SUPPORT=" \
+ mips mips64 mips64n32 \
+ ppc64"
GLBL_SYS_ARCH="../tools/scmp_arch_detect"
GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
--
2.3.5

34
recipes-security/libseccomp/files/0005-tests-add-ppc64-support-to-the-regression-live-tests.patch
View File

@@ -1,34 +0,0 @@
From eb47c3f501ebbf9e3b218bb2432d5bdadc04dce1 Mon Sep 17 00:00:00 2001
From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Date: Tue, 10 Feb 2015 11:08:12 +0000
Subject: [PATCH 05/11] tests: add ppc64 support to the regression live tests
Otherwise The live tests will fail with
"ERROR arch ppc64 not supported"
Send against the working-ppc64 branch.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
[PM: added ppc64le]
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
tests/regression | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/regression b/tests/regression
index 3ab6171..eeb6cfb 100755
--- a/tests/regression
+++ b/tests/regression
@@ -673,7 +673,7 @@ function run_test_live() {
# setup the arch specific return values
case "$arch" in
- x86|x86_64|x32|arm|aarch64)
+ x86|x86_64|x32|arm|aarch64|ppc64|ppc64le)
rc_kill=159
rc_allow=160
rc_trap=161
--
2.3.5

148
recipes-security/libseccomp/files/0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch
View File

@@ -1,148 +0,0 @@
From 75d3aa041dc3c8214610e44d317703c055e5e055 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Tue, 10 Feb 2015 14:22:07 -0500
Subject: [PATCH 06/11] ppc64: correct the ppc64 syscall table and validation
script
We didn't correctly take into account the __powerpc64__ define when
generating the ppc64 syscall table. This patch also updates the
syscall table to match Linux v3.19.
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
src/arch-ppc64-syscalls.c | 26 ++++++++++++++------------
src/arch-syscall-validate | 2 +-
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
index 5dfb367..1c2a1df 100644
--- a/src/arch-ppc64-syscalls.c
+++ b/src/arch-ppc64-syscalls.c
@@ -27,7 +27,7 @@
#include "arch.h"
#include "arch-ppc64.h"
-/* NOTE: based on Linux 3.17-rc6+ */
+/* NOTE: based on Linux 3.19 */
const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "_llseek", 140 },
{ "_newselect", 142 },
@@ -45,6 +45,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "arch_prctl", __PNR_arch_prctl },
{ "bdflush", 134 },
{ "bind", 327 },
+ { "bpf", 361 },
{ "break", 17 },
{ "brk", 45 },
{ "cachectl", __PNR_cachectl },
@@ -80,11 +81,12 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "eventfd", 307 },
{ "eventfd2", 314 },
{ "execve", 11 },
+ { "execveat", 362 },
{ "exit", 1 },
{ "exit_group", 234 },
{ "faccessat", 298 },
{ "fadvise64", 233 },
- { "fadvise64_64", 254 },
+ { "fadvise64_64", __PNR_fadvise64_64 },
{ "fallocate", 309 },
{ "fanotify_init", 323 },
{ "fanotify_mark", 324 },
@@ -95,7 +97,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "fchown32", __PNR_fchown32 },
{ "fchownat", 289 },
{ "fcntl", 55 },
- { "fcntl64", 204 },
+ { "fcntl64", __PNR_fcntl64 },
{ "fdatasync", 148 },
{ "fgetxattr", 214 },
{ "finit_module", 353 },
@@ -105,14 +107,14 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "fremovexattr", 220 },
{ "fsetxattr", 211 },
{ "fstat", 108 },
- { "fstat64", 197 },
- { "fstatat64", 291 },
+ { "fstat64", __PNR_fstat64 },
+ { "fstatat64", __PNR_fstatat64 },
{ "fstatfs", 100 },
{ "fstatfs64", 253 },
{ "fsync", 118 },
{ "ftime", 35 },
{ "ftruncate", 93 },
- { "ftruncate64", 194 },
+ { "ftruncate64", __PNR_ftruncate64 },
{ "futex", 221 },
{ "futimesat", 290 },
{ "get_kernel_syms", 130 },
@@ -191,7 +193,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "lseek", 19 },
{ "lsetxattr", 210 },
{ "lstat", 107 },
- { "lstat64", 196 },
+ { "lstat64", __PNR_lstat64 },
{ "madvise", 205 },
{ "mbind", 259 },
{ "memfd_create", 360 },
@@ -204,7 +206,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "mlock", 150 },
{ "mlockall", 152 },
{ "mmap", 90 },
- { "mmap2", 192 },
+ { "mmap2", __PNR_mmap2 },
{ "modify_ldt", 123 },
{ "mount", 21 },
{ "move_pages", 301 },
@@ -228,7 +230,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "munmap", 91 },
{ "name_to_handle_at", 345 },
{ "nanosleep", 162 },
- { "newfstatat", __PNR_newfstatat },
+ { "newfstatat", 291 },
{ "nfsservctl", 168 },
{ "nice", 34 },
{ "oldfstat", 28 },
@@ -315,7 +317,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "semtimedop", __PNR_semtimedop },
{ "send", 334 },
{ "sendfile", 186 },
- { "sendfile64", 226 },
+ { "sendfile64", __PNR_sendfile64 },
{ "sendmmsg", 349 },
{ "sendmsg", 341 },
{ "sendto", 335 },
@@ -375,7 +377,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "spu_run", 278 },
{ "ssetmask", 69 },
{ "stat", 106 },
- { "stat64", 195 },
+ { "stat64", __PNR_stat64 },
{ "statfs", 99 },
{ "statfs64", 252 },
{ "stime", 25 },
@@ -411,7 +413,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
{ "times", 43 },
{ "tkill", 208 },
{ "truncate", 92 },
- { "truncate64", 193 },
+ { "truncate64", __PNR_truncate64 },
{ "tuxcall", 225 },
{ "ugetrlimit", 190 },
{ "ulimit", 58 },
diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
index eeb4d8b..e28b206 100755
--- a/src/arch-syscall-validate
+++ b/src/arch-syscall-validate
@@ -311,7 +311,7 @@ function dump_lib_mips64n32() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_ppc64() {
- gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \
+ gcc -E -dM -D__powerpc64__ $1/arch/powerpc/include/uapi/asm/unistd.h | \
grep "^#define __NR_" | sort | \
sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/'
}
--
2.3.5

29
recipes-security/libseccomp/files/0007-tests-minor-fix-in-arch-syscall-check.patch
View File

@@ -1,29 +0,0 @@
From 894784b321e088b5a10c2fdd442e7b326daedb7f Mon Sep 17 00:00:00 2001
From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Date: Wed, 11 Feb 2015 10:45:41 +0000
Subject: [PATCH 07/11] tests: minor fix in arch-syscall-check
Sent against working-ppc64.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
src/arch-syscall-check.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
index dadab0d..a091a6d 100644
--- a/src/arch-syscall-check.c
+++ b/src/arch-syscall-check.c
@@ -96,7 +96,7 @@ int main(int argc, char *argv[])
syscall_check(str_miss, sys_name, "mips64n32",
mips64n32_syscall_iterate_name(i_mips64n32));
syscall_check(str_miss, sys_name, "ppc64",
- ppc64_syscall_iterate_name(i_mips64n32));
+ ppc64_syscall_iterate_name(i_ppc64));
/* output the results */
printf("%s: ", sys_name);
--
2.3.5

782
recipes-security/libseccomp/files/0008-arch-add-a-ppc-syscall-table.patch
View File

@@ -1,782 +0,0 @@
From 25fc85ba58eba3980649e5bded51816a98cbefc0 Mon Sep 17 00:00:00 2001
From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Date: Wed, 11 Feb 2015 13:23:25 +0000
Subject: [PATCH 08/11] arch: add a ppc syscall table
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
[PM: slight reordering of ppc/ppc64 in header files and makefiles]
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
include/seccomp.h.in | 1 +
src/Makefile.am | 1 +
src/arch-ppc-syscalls.c | 504 ++++++++++++++++++++++++++++++++++++++++++++++
src/arch-ppc.c | 33 +++
src/arch-ppc.h | 38 ++++
src/arch-syscall-check.c | 13 +-
src/arch-syscall-dump.c | 4 +
src/arch-syscall-validate | 31 ++-
8 files changed, 623 insertions(+), 2 deletions(-)
create mode 100644 src/arch-ppc-syscalls.c
create mode 100644 src/arch-ppc.c
create mode 100644 src/arch-ppc.h
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 42f3f1a..3af4c2b 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -153,6 +153,7 @@ struct scmp_arg_cmp {
/**
* The PowerPC architecture tokens
*/
+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
#ifndef AUDIT_ARCH_PPC64LE
#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
diff --git a/src/Makefile.am b/src/Makefile.am
index 038b2ef..54f8478 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -31,6 +31,7 @@ SOURCES_ARCH = \
arch-mips.h arch-mips.c arch-mips-syscalls.c \
arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \
arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \
+ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \
arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c
SOURCES_GEN = \
diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
new file mode 100644
index 0000000..32fc05a
--- /dev/null
+++ b/src/arch-ppc-syscalls.c
@@ -0,0 +1,504 @@
+/**
+ * Enhanced Seccomp PPC Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <string.h>
+
+#include <seccomp.h>
+
+#include "arch.h"
+#include "arch-ppc.h"
+
+/* NOTE: based on Linux 3.19 */
+const struct arch_syscall_def ppc_syscall_table[] = { \
+ { "_llseek", 140 },
+ { "_newselect", 142 },
+ { "_sysctl", 149 },
+ { "accept", 330 },
+ { "accept4", 344 },
+ { "access", 33 },
+ { "acct", 51 },
+ { "add_key", 269 },
+ { "adjtimex", 124 },
+ { "afs_syscall", 137 },
+ { "alarm", 27 },
+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
+ { "arm_sync_file_range", __PNR_arm_sync_file_range },
+ { "arch_prctl", __PNR_arch_prctl },
+ { "bdflush", 134 },
+ { "bind", 327 },
+ { "bpf", 361 },
+ { "break", 17 },
+ { "brk", 45 },
+ { "cachectl", __PNR_cachectl },
+ { "cacheflush", __PNR_cacheflush },
+ { "capget", 183 },
+ { "capset", 184 },
+ { "chdir", 12 },
+ { "chmod", 15 },
+ { "chown", 181 },
+ { "chown32", __PNR_chown32 },
+ { "chroot", 61 },
+ { "clock_adjtime", 347 },
+ { "clock_getres", 247 },
+ { "clock_gettime", 246 },
+ { "clock_nanosleep", 248 },
+ { "clock_settime", 245 },
+ { "clone", 120 },
+ { "close", 6 },
+ { "connect", 328 },
+ { "creat", 8 },
+ { "create_module", 127 },
+ { "delete_module", 129 },
+ { "dup", 41 },
+ { "dup2", 63 },
+ { "dup3", 316 },
+ { "epoll_create", 236 },
+ { "epoll_create1", 315 },
+ { "epoll_ctl", 237 },
+ { "epoll_ctl_old", __PNR_epoll_ctl_old },
+ { "epoll_pwait", 303 },
+ { "epoll_wait", 238 },
+ { "epoll_wait_old", __PNR_epoll_wait_old },
+ { "eventfd", 307 },
+ { "eventfd2", 314 },
+ { "execve", 11 },
+ { "execveat", 362 },
+ { "exit", 1 },
+ { "exit_group", 234 },
+ { "faccessat", 298 },
+ { "fadvise64", 233 },
+ { "fadvise64_64", 254 },
+ { "fallocate", 309 },
+ { "fanotify_init", 323 },
+ { "fanotify_mark", 324 },
+ { "fchdir", 133 },
+ { "fchmod", 94 },
+ { "fchmodat", 297 },
+ { "fchown", 95 },
+ { "fchown32", __PNR_fchown32 },
+ { "fchownat", 289 },
+ { "fcntl", 55 },
+ { "fcntl64", 204 },
+ { "fdatasync", 148 },
+ { "fgetxattr", 214 },
+ { "finit_module", 353 },
+ { "flistxattr", 217 },
+ { "flock", 143 },
+ { "fork", 2 },
+ { "fremovexattr", 220 },
+ { "fsetxattr", 211 },
+ { "fstat", 108 },
+ { "fstat64", 197 },
+ { "fstatat64", 291 },
+ { "fstatfs", 100 },
+ { "fstatfs64", 253 },
+ { "fsync", 118 },
+ { "ftime", 35 },
+ { "ftruncate", 93 },
+ { "ftruncate64", 194 },
+ { "futex", 221 },
+ { "futimesat", 290 },
+ { "get_kernel_syms", 130 },
+ { "get_mempolicy", 260 },
+ { "get_robust_list", 299 },
+ { "get_thread_area", __PNR_get_thread_area },
+ { "getcpu", 302 },
+ { "getcwd", 182 },
+ { "getdents", 141 },
+ { "getdents64", 202 },
+ { "getegid", 50 },
+ { "getegid32", __PNR_getegid32 },
+ { "geteuid", 49 },
+ { "geteuid32", __PNR_geteuid32 },
+ { "getgid", 47 },
+ { "getgid32", __PNR_getgid32 },
+ { "getgroups", 80 },
+ { "getgroups32", __PNR_getgroups32 },
+ { "getitimer", 105 },
+ { "getpeername", 332 },
+ { "getpgid", 132 },
+ { "getpgrp", 65 },
+ { "getpid", 20 },
+ { "getpmsg", 187 },
+ { "getppid", 64 },
+ { "getpriority", 96 },
+ { "getrandom", 359 },
+ { "getresgid", 170 },
+ { "getresgid32", __PNR_getresgid32 },
+ { "getresuid", 165 },
+ { "getresuid32", __PNR_getresuid32 },
+ { "getrlimit", 76 },
+ { "getrusage", 77 },
+ { "getsid", 147 },
+ { "getsockname", 331 },
+ { "getsockopt", 340 },
+ { "gettid", 207 },
+ { "gettimeofday", 78 },
+ { "getuid", 24 },
+ { "getuid32", __PNR_getuid32 },
+ { "getxattr", 212 },
+ { "gtty", 32 },
+ { "idle", 112 },
+ { "init_module", 128 },
+ { "inotify_add_watch", 276 },
+ { "inotify_init", 275 },
+ { "inotify_init1", 318 },
+ { "inotify_rm_watch", 277 },
+ { "io_cancel", 231 },
+ { "io_destroy", 228 },
+ { "io_getevents", 229 },
+ { "io_setup", 227 },
+ { "io_submit", 230 },
+ { "ioctl", 54 },
+ { "ioperm", 101 },
+ { "iopl", 110 },
+ { "ioprio_get", 274 },
+ { "ioprio_set", 273 },
+ { "ipc", 117 },
+ { "kcmp", 354 },
+ { "kexec_file_load", __PNR_kexec_file_load },
+ { "kexec_load", 268 },
+ { "keyctl", 271 },
+ { "kill", 37 },
+ { "lchown", 16 },
+ { "lchown32", __PNR_lchown32 },
+ { "lgetxattr", 213 },
+ { "link", 9 },
+ { "linkat", 294 },
+ { "listen", 329 },
+ { "listxattr", 215 },
+ { "llistxattr", 216 },
+ { "lock", 53 },
+ { "lookup_dcookie", 235 },
+ { "lremovexattr", 219 },
+ { "lseek", 19 },
+ { "lsetxattr", 210 },
+ { "lstat", 107 },
+ { "lstat64", 196 },
+ { "madvise", 205 },
+ { "mbind", 259 },
+ { "memfd_create", 360 },
+ { "migrate_pages", 258 },
+ { "mincore", 206 },
+ { "mkdir", 39 },
+ { "mkdirat", 287 },
+ { "mknod", 14 },
+ { "mknodat", 288 },
+ { "mlock", 150 },
+ { "mlockall", 152 },
+ { "mmap", 90 },
+ { "mmap2", 192 },
+ { "modify_ldt", 123 },
+ { "mount", 21 },
+ { "move_pages", 301 },
+ { "mprotect", 125 },
+ { "mpx", 56 },
+ { "mq_getsetattr", 267 },
+ { "mq_notify", 266 },
+ { "mq_open", 262 },
+ { "mq_timedreceive", 265 },
+ { "mq_timedsend", 264 },
+ { "mq_unlink", 263 },
+ { "mremap", 163 },
+ { "msgctl", __PNR_msgctl },
+ { "msgget", __PNR_msgget },
+ { "msgrcv", __PNR_msgrcv },
+ { "msgsnd", __PNR_msgsnd },
+ { "msync", 144 },
+ { "multiplexer", 201 },
+ { "munlock", 151 },
+ { "munlockall", 153 },
+ { "munmap", 91 },
+ { "name_to_handle_at", 345 },
+ { "nanosleep", 162 },
+ { "newfstatat", __PNR_newfstatat },
+ { "nfsservctl", 168 },
+ { "nice", 34 },
+ { "oldfstat", 28 },
+ { "oldlstat", 84 },
+ { "oldolduname", 59 },
+ { "oldstat", 18 },
+ { "olduname", 109 },
+ { "oldwait4", __PNR_oldwait4 },
+ { "open", 5 },
+ { "open_by_handle_at", 346 },
+ { "openat", 286 },
+ { "pause", 29 },
+ { "pciconfig_iobase", 200 },
+ { "pciconfig_read", 198 },
+ { "pciconfig_write", 199 },
+ { "perf_event_open", 319 },
+ { "personality", 136 },
+ { "pipe", 42 },
+ { "pipe2", 317 },
+ { "pivot_root", 203 },
+ { "poll", 167 },
+ { "ppoll", 281 },
+ { "prctl", 171 },
+ { "pread64", 179 },
+ { "preadv", 320 },
+ { "prlimit64", 325 },
+ { "process_vm_readv", 351 },
+ { "process_vm_writev", 352 },
+ { "prof", 44 },
+ { "profil", 98 },
+ { "pselect6", 280 },
+ { "ptrace", 26 },
+ { "putpmsg", 188 },
+ { "pwrite64", 180 },
+ { "pwritev", 321 },
+ { "query_module", 166 },
+ { "quotactl", 131 },
+ { "read", 3 },
+ { "readahead", 191 },
+ { "readdir", 89 },
+ { "readlink", 85 },
+ { "readlinkat", 296 },
+ { "readv", 145 },
+ { "reboot", 88 },
+ { "recv", 336 },
+ { "recvfrom", 337 },
+ { "recvmmsg", 343 },
+ { "recvmsg", 342 },
+ { "remap_file_pages", 239 },
+ { "removexattr", 218 },
+ { "rename", 38 },
+ { "renameat", 293 },
+ { "renameat2", 357 },
+ { "request_key", 270 },
+ { "restart_syscall", 0 },
+ { "rmdir", 40 },
+ { "rt_sigaction", 173 },
+ { "rt_sigpending", 175 },
+ { "rt_sigprocmask", 174 },
+ { "rt_sigqueueinfo", 177 },
+ { "rt_sigreturn", 172 },
+ { "rt_sigsuspend", 178 },
+ { "rt_sigtimedwait", 176 },
+ { "rt_tgsigqueueinfo", 322 },
+ { "rtas", 255 },
+ { "sched_get_priority_max", 159 },
+ { "sched_get_priority_min", 160 },
+ { "sched_getaffinity", 223 },
+ { "sched_getattr", 356 },
+ { "sched_getparam", 155 },
+ { "sched_getscheduler", 157 },
+ { "sched_rr_get_interval", 161 },
+ { "sched_setaffinity", 222 },
+ { "sched_setattr", 355 },
+ { "sched_setparam", 154 },
+ { "sched_setscheduler", 156 },
+ { "sched_yield", 158 },
+ { "seccomp", 358 },
+ { "security", __PNR_security },
+ { "select", 82 },
+ { "semctl", __PNR_semctl },
+ { "semget", __PNR_semget },
+ { "semop", __PNR_semop },
+ { "semtimedop", __PNR_semtimedop },
+ { "send", 334 },
+ { "sendfile", 186 },
+ { "sendfile64", 226 },
+ { "sendmmsg", 349 },
+ { "sendmsg", 341 },
+ { "sendto", 335 },
+ { "set_mempolicy", 261 },
+ { "set_robust_list", 300 },
+ { "set_thread_area", __PNR_set_thread_area },
+ { "set_tid_address", 232 },
+ { "setdomainname", 121 },
+ { "setfsgid", 139 },
+ { "setfsgid32", __PNR_setfsgid32 },
+ { "setfsuid", 138 },
+ { "setfsuid32", __PNR_setfsuid32 },
+ { "setgid", 46 },
+ { "setgid32", __PNR_setgid32 },
+ { "setgroups", 81 },
+ { "setgroups32", __PNR_setgroups32 },
+ { "sethostname", 74 },
+ { "setitimer", 104 },
+ { "setns", 350 },
+ { "setpgid", 57 },
+ { "setpriority", 97 },
+ { "setregid", 71 },
+ { "setregid32", __PNR_setregid32 },
+ { "setresgid", 169 },
+ { "setresgid32", __PNR_setresgid32 },
+ { "setresuid", 164 },
+ { "setresuid32", __PNR_setresuid32 },
+ { "setreuid", 70 },
+ { "setreuid32", __PNR_setreuid32 },
+ { "setrlimit", 75 },
+ { "setsid", 66 },
+ { "setsockopt", 339 },
+ { "settimeofday", 79 },
+ { "setuid", 23 },
+ { "setuid32", __PNR_setuid32 },
+ { "setxattr", 209 },
+ { "sgetmask", 68 },
+ { "shmat", __PNR_shmat },
+ { "shmctl", __PNR_shmctl },
+ { "shmdt", __PNR_shmdt },
+ { "shmget", __PNR_shmget },
+ { "shutdown", 338 },
+ { "sigaction", 67 },
+ { "sigaltstack", 185 },
+ { "signal", 48 },
+ { "signalfd", 305 },
+ { "signalfd4", 313 },
+ { "sigpending", 73 },
+ { "sigprocmask", 126 },
+ { "sigreturn", 119 },
+ { "sigsuspend", 72 },
+ { "socket", 326 },
+ { "socketcall", 102 },
+ { "socketpair", 333 },
+ { "splice", 283 },
+ { "spu_create", 279 },
+ { "spu_run", 278 },
+ { "ssetmask", 69 },
+ { "stat", 106 },
+ { "stat64", 195 },
+ { "statfs", 99 },
+ { "statfs64", 252 },
+ { "stime", 25 },
+ { "stty", 31 },
+ { "subpage_prot", 310 },
+ { "swapcontext", 249 },
+ { "swapoff", 115 },
+ { "swapon", 87 },
+ { "symlink", 83 },
+ { "symlinkat", 295 },
+ { "sync", 36 },
+ { "sync_file_range", __PNR_sync_file_range },
+ { "sync_file_range2", 308 },
+ { "syncfs", 348 },
+ { "syscall", __PNR_syscall },
+ { "sys_debug_setcontext", 256 },
+ { "sysfs", 135 },
+ { "sysinfo", 116 },
+ { "syslog", 103 },
+ { "sysmips", __PNR_sysmips },
+ { "tee", 284 },
+ { "tgkill", 250 },
+ { "time", 13 },
+ { "timer_create", 240 },
+ { "timer_delete", 244 },
+ { "timer_getoverrun", 243 },
+ { "timer_gettime", 242 },
+ { "timer_settime", 241 },
+ { "timerfd", __PNR_timerfd },
+ { "timerfd_create", 306 },
+ { "timerfd_gettime", 312 },
+ { "timerfd_settime", 311 },
+ { "times", 43 },
+ { "tkill", 208 },
+ { "truncate", 92 },
+ { "truncate64", 193 },
+ { "tuxcall", 225 },
+ { "ugetrlimit", 190 },
+ { "ulimit", 58 },
+ { "umask", 60 },
+ { "umount", 22 },
+ { "umount2", 52 },
+ { "uname", 122 },
+ { "unlink", 10 },
+ { "unlinkat", 292 },
+ { "unshare", 282 },
+ { "uselib", 86 },
+ { "ustat", 62 },
+ { "utime", 30 },
+ { "utimensat", 304 },
+ { "utimes", 251 },
+ { "vfork", 189 },
+ { "vhangup", 111 },
+ { "vm86", 113 },
+ { "vm86old", __PNR_vm86old },
+ { "vmsplice", 285 },
+ { "vserver", __PNR_vserver },
+ { "wait4", 114 },
+ { "waitid", 272 },
+ { "waitpid", 7 },
+ { "write", 4 },
+ { "writev", 146 },
+ { NULL, __NR_SCMP_ERROR },
+};
+
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number using the syscall table.
+ * Returns the syscall number on success, including negative pseudo syscall
+ * numbers; returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int ppc_syscall_resolve_name(const char *name)
+{
+ unsigned int iter;
+ const struct arch_syscall_def *table = ppc_syscall_table;
+
+ /* XXX - plenty of room for future improvement here */
+ for (iter = 0; table[iter].name != NULL; iter++) {
+ if (strcmp(name, table[iter].name) == 0)
+ return table[iter].num;
+ }
+
+ return __NR_SCMP_ERROR;
+}
+
+/**
+ * Resolve a syscall number to a name
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name using the syscall table.
+ * Returns a pointer to the syscall name string on success, including pseudo
+ * syscall names; returns NULL on failure.
+ *
+ */
+const char *ppc_syscall_resolve_num(int num)
+{
+ unsigned int iter;
+ const struct arch_syscall_def *table = ppc_syscall_table;
+
+ /* XXX - plenty of room for future improvement here */
+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
+ if (num == table[iter].num)
+ return table[iter].name;
+ }
+
+ return NULL;
+}
+
+/**
+ * Iterate through the syscall table and return the syscall name
+ * @param spot the offset into the syscall table
+ *
+ * Return the syscall name at position @spot or NULL on failure. This function
+ * should only ever be used internally by libseccomp.
+ *
+ */
+const char *ppc_syscall_iterate_name(unsigned int spot)
+{
+ /* XXX - no safety checks here */
+ return ppc_syscall_table[spot].name;
+}
diff --git a/src/arch-ppc.c b/src/arch-ppc.c
new file mode 100644
index 0000000..56dbdb4
--- /dev/null
+++ b/src/arch-ppc.c
@@ -0,0 +1,33 @@
+/**
+ * Enhanced Seccomp PPC Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <linux/audit.h>
+
+#include "arch.h"
+#include "arch-ppc.h"
+
+const struct arch_def arch_def_ppc = {
+ .token = SCMP_ARCH_PPC,
+ .token_bpf = AUDIT_ARCH_PPC,
+ .size = ARCH_SIZE_32,
+ .endian = ARCH_ENDIAN_BIG,
+};
diff --git a/src/arch-ppc.h b/src/arch-ppc.h
new file mode 100644
index 0000000..627a168
--- /dev/null
+++ b/src/arch-ppc.h
@@ -0,0 +1,38 @@
+/**
+ * Enhanced Seccomp PPC Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_PPC_H
+#define _ARCH_PPC_H
+
+#include <inttypes.h>
+
+#include "arch.h"
+#include "system.h"
+
+extern const struct arch_def arch_def_ppc;
+
+int ppc_syscall_resolve_name(const char *name);
+const char *ppc_syscall_resolve_num(int num);
+
+const char *ppc_syscall_iterate_name(unsigned int spot);
+
+#endif
diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
index a091a6d..8682483 100644
--- a/src/arch-syscall-check.c
+++ b/src/arch-syscall-check.c
@@ -34,6 +34,7 @@
#include "arch-mips64.h"
#include "arch-mips64n32.h"
#include "arch-ppc64.h"
+#include "arch-ppc.h"
/**
* compare the syscall values
@@ -69,6 +70,7 @@ int main(int argc, char *argv[])
int i_mips64 = 0;
int i_mips64n32 = 0;
int i_ppc64 = 0;
+ int i_ppc = 0;
const char *sys_name;
char str_miss[256];
@@ -97,6 +99,8 @@ int main(int argc, char *argv[])
mips64n32_syscall_iterate_name(i_mips64n32));
syscall_check(str_miss, sys_name, "ppc64",
ppc64_syscall_iterate_name(i_ppc64));
+ syscall_check(str_miss, sys_name, "ppc",
+ ppc_syscall_iterate_name(i_ppc));
/* output the results */
printf("%s: ", sys_name);
@@ -125,10 +129,12 @@ int main(int argc, char *argv[])
i_mips64n32 = -1;
if (!ppc64_syscall_iterate_name(++i_ppc64))
i_ppc64 = -1;
+ if (!ppc_syscall_iterate_name(++i_ppc))
+ i_ppc = -1;
} while (i_x86_64 >= 0 && i_x32 >= 0 &&
i_arm >= 0 && i_aarch64 >= 0 &&
i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
- i_ppc64 >= 0);
+ i_ppc64 >= 0 && i_ppc >= 0);
/* check for any leftovers */
sys_name = x86_syscall_iterate_name(i_x86 + 1);
@@ -176,6 +182,11 @@ int main(int argc, char *argv[])
ppc64_syscall_iterate_name(i_ppc64));
return 1;
}
+ if (i_ppc >= 0) {
+ printf("%s: ERROR, ppc has additional syscalls\n",
+ ppc_syscall_iterate_name(i_ppc));
+ return 1;
+ }
/* if we made it here, all is good */
return 0;
diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
index 985a250..62992e7 100644
--- a/src/arch-syscall-dump.c
+++ b/src/arch-syscall-dump.c
@@ -39,6 +39,7 @@
#include "arch-mips64n32.h"
#include "arch-aarch64.h"
#include "arch-ppc64.h"
+#include "arch-ppc.h"
/**
* Print the usage information to stderr and exit
@@ -116,6 +117,9 @@ int main(int argc, char *argv[])
case SCMP_ARCH_PPC64:
sys_name = ppc64_syscall_iterate_name(iter);
break;
+ case SCMP_ARCH_PPC:
+ sys_name = ppc_syscall_iterate_name(iter);
+ break;
default:
/* invalid arch */
diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
index e28b206..595dfef 100755
--- a/src/arch-syscall-validate
+++ b/src/arch-syscall-validate
@@ -326,6 +326,29 @@ function dump_lib_ppc64() {
}
#
+# Dump the ppc system syscall table
+#
+# Arguments:
+# 1 path to the kernel source
+#
+# Dump the architecture's syscall table to stdout.
+#
+function dump_sys_ppc() {
+ gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \
+ grep "^#define __NR_" | sort | \
+ sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/'
+}
+
+#
+# Dump the ppc library syscall table
+#
+# Dump the library's syscall table to stdout.
+#
+function dump_lib_ppc() {
+ $LIB_SYS_DUMP -a ppc | sed -e '/[^\t]\+\t-[0-9]\+/d'
+}
+
+#
# Dump the system syscall table
#
# Arguments:
@@ -363,6 +386,9 @@ function dump_sys() {
ppc64)
dump_sys_ppc64 "$2"
;;
+ ppc)
+ dump_sys_ppc "$2"
+ ;;
*)
echo ""
;;
@@ -406,6 +432,9 @@ function dump_lib() {
ppc64)
dump_lib_ppc64 "$2"
;;
+ ppc)
+ dump_lib_ppc "$2"
+ ;;
*)
echo ""
;;
@@ -442,7 +471,7 @@ shift $(($OPTIND - 1))
# defaults
if [[ $arches == "" ]]; then
- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64"
+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64 ppc"
fi
# sanity checks
--
2.3.5

117
recipes-security/libseccomp/files/0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch
View File

@@ -1,117 +0,0 @@
From c0fa35a2756a1fcedcf4d4a14688226d2a1cd86b Mon Sep 17 00:00:00 2001
From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Date: Wed, 11 Feb 2015 13:23:26 +0000
Subject: [PATCH 09/11] arch: add basic initial ppc support to the
arch-dependent code
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
src/arch.c | 11 +++++++++++
src/python/libseccomp.pxd | 1 +
src/python/seccomp.pyx | 6 +++++-
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/arch.c b/src/arch.c
index 64fc1d1..f73db6b 100644
--- a/src/arch.c
+++ b/src/arch.c
@@ -39,6 +39,7 @@
#include "arch-mips64.h"
#include "arch-mips64n32.h"
#include "arch-ppc64.h"
+#include "arch-ppc.h"
#include "system.h"
#define default_arg_count_max 6
@@ -81,6 +82,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc64;
#else
const struct arch_def *arch_def_native = &arch_def_ppc64le;
#endif
+#elif __PPC__
+const struct arch_def *arch_def_native = &arch_def_ppc;
#else
#error the arch code needs to know about your machine type
#endif /* machine type guess */
@@ -133,6 +136,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
return &arch_def_ppc64;
case SCMP_ARCH_PPC64LE:
return &arch_def_ppc64le;
+ case SCMP_ARCH_PPC:
+ return &arch_def_ppc;
}
return NULL;
@@ -173,6 +178,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
return &arch_def_ppc64;
else if (strcmp(arch_name, "ppc64le") == 0)
return &arch_def_ppc64le;
+ else if (strcmp(arch_name, "ppc") == 0)
+ return &arch_def_ppc;
return NULL;
}
@@ -294,6 +301,8 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name)
case SCMP_ARCH_PPC64:
case SCMP_ARCH_PPC64LE:
return ppc64_syscall_resolve_name(name);
+ case SCMP_ARCH_PPC:
+ return ppc_syscall_resolve_name(name);
}
return __NR_SCMP_ERROR;
@@ -334,6 +343,8 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num)
case SCMP_ARCH_PPC64:
case SCMP_ARCH_PPC64LE:
return ppc64_syscall_resolve_num(num);
+ case SCMP_ARCH_PPC:
+ return ppc_syscall_resolve_num(num);
}
return NULL;
diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
index a546550..e9c0f6a 100644
--- a/src/python/libseccomp.pxd
+++ b/src/python/libseccomp.pxd
@@ -40,6 +40,7 @@ cdef extern from "seccomp.h":
SCMP_ARCH_MIPSEL64N32
SCMP_ARCH_PPC64
SCMP_ARCH_PPC64LE
+ SCMP_ARCH_PPC
cdef enum scmp_filter_attr:
SCMP_FLTATR_ACT_DEFAULT
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
index f30a0b6..2da8c66 100644
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -148,6 +148,7 @@ cdef class Arch:
MIPSEL64 - MIPS little endian 64-bit ABI
MIPSEL64N32 - MIPS little endian N32 ABI
PPC64 - 64-bit PowerPC
+ PPC - 32-bit PowerPC
"""
cdef int _token
@@ -165,7 +166,8 @@ cdef class Arch:
MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
PPC64 = libseccomp.SCMP_ARCH_PPC64
- PPC64 = libseccomp.SCMP_ARCH_PPC64LE
+ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
+ PPC = libseccomp.SCMP_ARCH_PPC
def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
""" Initialize the architecture object.
@@ -205,6 +207,8 @@ cdef class Arch:
self._token = libseccomp.SCMP_ARCH_PPC64
elif arch == libseccomp.SCMP_ARCH_PPC64LE:
self._token = libseccomp.SCMP_ARCH_PPC64LE
+ elif arch == libseccomp.SCMP_ARCH_PPC:
+ self._token = libseccomp.SCMP_ARCH_PPC
else:
self._token = 0;
elif isinstance(arch, basestring):
--
2.3.5

70
recipes-security/libseccomp/files/0010-tools-add-ppc-support.patch
View File

@@ -1,70 +0,0 @@
From b54dafd62376f9041b4d48e800f39c588554aabc Mon Sep 17 00:00:00 2001
From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Date: Wed, 11 Feb 2015 13:23:27 +0000
Subject: [PATCH 10/11] tools: add ppc support
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
tools/scmp_arch_detect.c | 3 +++
tools/scmp_bpf_disasm.c | 2 ++
tools/scmp_bpf_sim.c | 2 ++
tools/util.c | 2 ++
4 files changed, 9 insertions(+)
diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
index d23d2ec..03644c6 100644
--- a/tools/scmp_arch_detect.c
+++ b/tools/scmp_arch_detect.c
@@ -105,6 +105,9 @@ int main(int argc, char *argv[])
case SCMP_ARCH_PPC64LE:
printf("ppc64le\n");
break;
+ case SCMP_ARCH_PPC:
+ printf("ppc\n");
+ break;
default:
printf("unknown\n");
}
diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
index 9199e17..d773469 100644
--- a/tools/scmp_bpf_disasm.c
+++ b/tools/scmp_bpf_disasm.c
@@ -338,6 +338,8 @@ int main(int argc, char *argv[])
arch = AUDIT_ARCH_PPC64;
else if (strcmp(optarg, "ppc64le") == 0)
arch = AUDIT_ARCH_PPC64LE;
+ else if (strcmp(optarg, "ppc") == 0)
+ arch = AUDIT_ARCH_PPC;
else
exit_usage(argv[0]);
break;
diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
index d3e439f..a53b4fd 100644
--- a/tools/scmp_bpf_sim.c
+++ b/tools/scmp_bpf_sim.c
@@ -253,6 +253,8 @@ int main(int argc, char *argv[])
arch = AUDIT_ARCH_PPC64;
else if (strcmp(optarg, "ppc64le") == 0)
arch = AUDIT_ARCH_PPC64LE;
+ else if (strcmp(optarg, "ppc") == 0)
+ arch = AUDIT_ARCH_PPC;
else
exit_fault(EINVAL);
break;
diff --git a/tools/util.c b/tools/util.c
index f998009..b45de3b 100644
--- a/tools/util.c
+++ b/tools/util.c
@@ -68,6 +68,8 @@
#else
#define ARCH_NATIVE AUDIT_ARCH_PPC64LE
#endif
+#elif __PPC__
+#define ARCH_NATIVE AUDIT_ARCH_PPC
#else
#error the simulator code needs to know about your machine type
#endif
--
2.3.5

64
recipes-security/libseccomp/files/0011-tests-add-ppc-support-to-the-regression-tests.patch
View File

@@ -1,64 +0,0 @@
From 1a68b28e8cc6680dc7a9aecd26e06112b4ff93bf Mon Sep 17 00:00:00 2001
From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Date: Wed, 11 Feb 2015 13:23:28 +0000
Subject: [PATCH 11/11] tests: add ppc support to the regression tests
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
tests/26-sim-arch_all_be_basic.c | 3 +++
tests/26-sim-arch_all_be_basic.py | 1 +
tests/regression | 4 ++--
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
index 1a44525..91fcbea 100644
--- a/tests/26-sim-arch_all_be_basic.c
+++ b/tests/26-sim-arch_all_be_basic.c
@@ -55,6 +55,9 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
if (rc != 0)
goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc"));
+ if (rc != 0)
+ goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
index cba2dea..1537013 100755
--- a/tests/26-sim-arch_all_be_basic.py
+++ b/tests/26-sim-arch_all_be_basic.py
@@ -34,6 +34,7 @@ def test(args):
f.add_arch(Arch("mips64"))
f.add_arch(Arch("mips64n32"))
f.add_arch(Arch("ppc64"))
+ f.add_arch(Arch("ppc"))
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
diff --git a/tests/regression b/tests/regression
index eeb6cfb..9f0c17e 100755
--- a/tests/regression
+++ b/tests/regression
@@ -28,7 +28,7 @@ GLBL_ARCH_LE_SUPPORT=" \
ppc64le"
GLBL_ARCH_BE_SUPPORT=" \
mips mips64 mips64n32 \
- ppc64"
+ ppc64 ppc"
GLBL_SYS_ARCH="../tools/scmp_arch_detect"
GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
@@ -673,7 +673,7 @@ function run_test_live() {
# setup the arch specific return values
case "$arch" in
- x86|x86_64|x32|arm|aarch64|ppc64|ppc64le)
+ x86|x86_64|x32|arm|aarch64|ppc64|ppc64le|ppc)
rc_kill=159
rc_allow=160
rc_trap=161
--
2.3.5

32
recipes-security/libseccomp/files/compiler.patch
View File

@@ -1,32 +0,0 @@
From fb3e84f6212333949ee3e410bb468bb06c289a1e Mon Sep 17 00:00:00 2001
From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Date: Fri, 28 Jun 2013 15:55:13 +0300
Subject: [PATCH] libseccomp always used host compiler
passing $CC at do_install() doesn't seem to have
effect on the compiler used by libseccomp. Modified
the compiler manually.
Upstream Status: Inapropriate
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
---
macros.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/macros.mk b/macros.mk
index 9c62fa7..e219be6 100644
--- a/macros.mk
+++ b/macros.mk
@@ -66,7 +66,7 @@ AWK ?= awk
PYTHON ?= /usr/bin/env python
# we require gcc specific functionality
-GCC ?= gcc
+GCC ?= $(CC)
INSTALL ?= install
--
1.7.9.5

25
recipes-security/libseccomp/files/regresion_fixup_seq_usage.patch
View File

@@ -1,25 +0,0 @@
Index: git/tests/regression
===================================================================
--- git.orig/tests/regression
+++ git/tests/regression
@@ -468,13 +468,13 @@ function run_test_bpf_sim() {
# and arg ranges and generate/run every combination of requested
# tests; if no ranges were specifed, then the single test is
# run
- for sys in $(seq -f "%1.0f" $low_syscall $high_syscall); do
- for arg0 in $(seq -f "%1.0f" ${low_arg[0]} ${high_arg[0]}); do
- for arg1 in $(seq -f "%1.0f" ${low_arg[1]} ${high_arg[1]}); do
- for arg2 in $(seq -f "%1.0f" ${low_arg[2]} ${high_arg[2]}); do
- for arg3 in $(seq -f "%1.0f" ${low_arg[3]} ${high_arg[3]}); do
- for arg4 in $(seq -f "%1.0f" ${low_arg[4]} ${high_arg[4]}); do
- for arg5 in $(seq -f "%1.0f" ${low_arg[5]} ${high_arg[5]}); do
+ for sys in $(seq $low_syscall $high_syscall); do
+ for arg0 in $(seq ${low_arg[0]} ${high_arg[0]}); do
+ for arg1 in $(seq ${low_arg[1]} ${high_arg[1]}); do
+ for arg2 in $(seq ${low_arg[2]} ${high_arg[2]}); do
+ for arg3 in $(seq ${low_arg[3]} ${high_arg[3]}); do
+ for arg4 in $(seq ${low_arg[4]} ${high_arg[4]}); do
+ for arg5 in $(seq ${low_arg[5]} ${high_arg[5]}); do
local -a arg=($arg0 $arg1 $arg2 $arg3 $arg4 $arg5)
# Get the generated sub-test num string

7
recipes-security/libseccomp/libseccomp.bb
View File

@@ -4,12 +4,11 @@ SECTION = "security"
LICENSE = "LGPL-2.1"
LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
SRCREV = "7f3ae6e6a12390bd38f0787b242f60c47ad076c3"
SRCREV = "937e774d8ccfd063a601f49ef46769de3926b62d"
PV = "2.2.3+git${SRCPV}"
PV = "2.3.1+git${SRCPV}"
SRC_URI = "git://github.com/seccomp/libseccomp.git \
"
SRC_URI = "git://github.com/seccomp/libseccomp.git"
S = "${WORKDIR}/git"